Gregory's Serverwishing a very happy
"is it safe to use __SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED?"
day to everyone who celebrates
 30 comments
@shellheim @mjk what kinds of interview questions do people use to filter out this mindset? @ech @shellheim @mjk We put a marshmallow on the waiting room table and promise candidates an additional reward if they can wait fifteen minutes.  @shellheim @mjk I'm honestly kind of heartened by the fact that they appeared to listen and not actually do it. Maybe people can learn after all. @shellheim @mjk my favorite part: > > We offer no guarantees about what will happen if you access things there. ... misunderstands what either "stable API" or "internal state" means _so hard_. The maintainer did a great job of being polite and pointing out that there was a scary name and you could break, but that at the end of the day, it's the author's choice to reach into library internals.  @shellheim @mjk This does beg the question still though; why *does* the variable exist? What does it actually do that it needs to exist, but *also* indicate that you will be fired if you use it? It also presumes that ever developer is proficient in English. @AT1ST @shellheim @mjk The variable exists because React needs some way to pass around internal state; it has a scary name because all variable names in the code are visible and developers will latch onto any undocumented state value that has the thing they need at that moment, and complain when it moves or breaks. It's the reason the Windows APIs are such a mess: they have to maintain bugs in the old versions that some program happens to rely on. Relevant xkcd: https://xkcd.com/1172/ @Two9A @shellheim @mjk I guess my next question is why it is such a large encompassing internal state variable, and they didn't instead go with "__INTERNAL_STATE_X" and "__INTERNAL_STATE_Y" for individual X and Y parts of the internal state. Instead it's one *giant* "Do Not Touch" variable that does not explain *why* it needs to exist.   @mjk One of my favorites to see when looking at web banking app security xD  @mjk when I worked at a storage company we had a special kind of disk-erase that was only supposed to he used in special circumstances, because it could cause physical damage to the drive if used wrong. The flag was --my-resume-is-up-to-date @4censord @foone @mjk this one iirc, haven't checked if the demo is recorded https://media.ccc.de/v/35c3-9671-self-encrypting_deception  |
@mjk In case anyone wants to do a read through.
https://github.com/reactjs/react.dev/issues/3896